RADIUS Accounting

RADIUS accounting logs all of the activity of each remote user in a session on the centralized RADIUS accounting server.

Session-IDs for each RADIUS account generate as 12-character strings. The first four characters in the string form a random number in hexadecimal format. The last eight characters in the string indicate the number of user sessions started since the last restart, in hexadecimal format.

The Network Address Server (NAS) IP address for a session is the address of the device interface to which the remote session is connected over the network. For a console session, modem session, and sessions running on debug ports, this value is set to 0.0.0.0, as is the case with RADIUS authentication.

The following table summarizes the events and associated accounting information logged at the RADIUS accounting server.

Table 1. Accounting Events and Logged Information

Event

Accounting information logged at server

Accounting is turned on at router

  • Accounting on request: NAS IP address

Accounting is turned off at router

  • Accounting off request: NAS IP address

User logs on

  • Accounting start request: NAS IP address

  • Session ID

  • User name

More than 40 CLI commands are executed

  • Accounting interim request: NAS IP address

  • Session ID

  • CLI commands

  • User name

User logs off

  • Accounting stop request: NAS IP address

  • Session ID

  • Session duration

  • User name

  • Number of input octets for session

  • Number of octets output for session

  • Number of packets input for session

  • Number of packets output for session

  • CLI commands

When the device communicates with the RADIUS accounting server, the following actions occur:

  1. If the server sends an invalid response, the response is silently discarded and the server does not make an attempt to resend the request.

  2. User-specified number of attempts are made if the server does not respond within the user-configured timeout interval. If a server does not respond to any of the retries, requests are sent to the next priority server (if configured). You can configure up to 10 RADIUS servers for redundancy.

Note

Note

RADIUS server used‐by endpoint‐tracking does not support accounting.